NSE4_FGT-6.4試験無料問題集（165題）「Fortinet NSE 4

出題：1

Examine this output from a debug flow:

Why did the FortiGate drop the packet?

A. It failed the RPF check.

B. The next-hop IP address is unreachable.

C. It matched an explicitly configured firewall policy with the action DENY.

D. It matched the default implicit firewall policy.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Refer to the exhibit.

Given the interfaces shown in the exhibit. which two statements are true? (Choose two.)

A. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.

B. port1-vlan and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

C. Traffic between port2 and port2-vlan1 is allowed by default.

D. port1 is a native VLAN.

正解：B,D 解答を投票する

出題：3

Refer to the exhibit.

An administrator is running a sniffer command as shown in the exhibit.
Which three pieces of information are included in the sniffer output? (Choose three.)

A. Packet payload

B. Ethernet header

C. IP header

D. Interface name

E. Application header

正解：A,C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

View the exhibit.

Which of the following statements are correct? (Choose two.)

A. Dead peer detection must be disabled to support this type of IPsec setup.

B. The TunnelB route is the primary route for reaching the remote site. The TunnelA route is used only if the TunnelB VPN is down.

C. This setup requires at least two firewall policies with the action set to IPsec.

D. This is a redundant IPsec setup.

正解：B,D 解答を投票する

出題：5

Which two statements are true when FortiGate is in transparent mode? (Choose two.)

A. Static routes are required to allow traffic to the next hop.

B. By default, all interfaces are part of the same broadcast domain.

C. FortiGate forwards frames without changing the MAC address.

D. The existing network IP schema must be changed when installing a transparent mode.

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

A. Local traffic logs

B. Security logs

C. System event logs

D. Forward traffic logs

正解：A 解答を投票する

出題：7

Refer to the exhibit to view the firewall policy.

Which statement is correct if well-known viruses are not being blocked?

A. The action on the firewall policy must be set to deny.

B. Web filter should be enabled on the firewall policy to complement the antivirus profile.

C. The firewall policy must be configured in proxy-based inspection mode.

D. The firewall policy does not apply deep content inspection.

正解：D 解答を投票する

出題：8

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scope of application control to scan application traffic using parent signatures only

B. It limits the scope of application control to the browser-based technology category only.

C. It limits the scope of application control to scan application traffic based on application category only.

D. It limits the scope of application control to scan application traffic on DNS protocol only.

正解：C 解答を投票する

出題：9

Which Security rating scorecard helps identify configuration weakness and best practice violations in your network?

A. Automated Response

B. Optimization

C. Fabric Coverage

D. Security Posture

正解：D 解答を投票する

NSE4_FGT-6.4試験無料問題集「Fortinet NSE 4 - FortiOS 6.4 認定」